<html>
<head><meta charset="utf-8"><title>exploit mitigations · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html">exploit mitigations</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="193781628"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/193781628" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#193781628">(Apr 13 2020 at 15:13)</a>:</h4>
<p>There seems to be no docs on what exploit mitigations - which are applied to Rust code by default, and which ones can be enabled manually. I've only found closed issues and a few scattered PRs myself. I've opened a bug on rust-lang/rust about this: <a href="https://github.com/rust-lang/rust/issues/71098" title="https://github.com/rust-lang/rust/issues/71098">https://github.com/rust-lang/rust/issues/71098</a></p>



<a name="199695166"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199695166" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ramon de C Valle <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199695166">(Jun 04 2020 at 00:52)</a>:</h4>
<p>I'm currently working on a document for a project and I've been able to document almost all mitigations, how they apply to Rust, and their story with it (with comprehensive references, including all relevant GitHub issues and pull requests). However, I couldn't find any information about control flow enforcement, safe stack, and speculative load hardening (besides <a href="https://internals.rust-lang.org/t/thoughts-on-hardening/4771">https://internals.rust-lang.org/t/thoughts-on-hardening/4771</a>). What is the Secure Code WG stance on these? Where would be the best place to contribute it to? The Nomicon?</p>



<a name="199695922"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199695922" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ramon de C Valle <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199695922">(Jun 04 2020 at 01:08)</a>:</h4>
<p>I also couldn't find an official stance on stack smashing protection but brson's comment at <a href="https://github.com/rust-lang/rust/pull/30859#issuecomment-172148714">https://github.com/rust-lang/rust/pull/30859#issuecomment-172148714</a>. Is it the official and still the Secure Code WG stance on it?</p>



<a name="199801994"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199801994" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199801994">(Jun 04 2020 at 20:05)</a>:</h4>
<p>Oh wow, that's great! I'm not 100% sure a great place for it currently exists. Perhaps <a href="https://doc.rust-lang.org/rustc/">https://doc.rust-lang.org/rustc/</a> or <a href="https://doc.rust-lang.org/unstable-book/">https://doc.rust-lang.org/unstable-book/</a></p>



<a name="199802777"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199802777" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199802777">(Jun 04 2020 at 20:12)</a>:</h4>
<p>I can't speak for the whole group, but stack smashing protection sounds like a good thing to have on by default. I believe most Linux distros either recommend it or have it on by default. On the other hand, I've skimmed through the RustSec advisory DB and I cannot see any stack buffer overflows, so I'm not 100% sure it's going to be actually useful.<br>
I won't speculate about the performance impact of that - a Crater run can give us actual data on that.</p>



<a name="199802856"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199802856" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199802856">(Jun 04 2020 at 20:13)</a>:</h4>
<p>I believe the compiler team would be your best contact for this; check <a class="stream" data-stream-id="131828" href="/#narrow/stream/131828-t-compiler">#t-compiler</a></p>



<a name="199803126"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199803126" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199803126">(Jun 04 2020 at 20:16)</a>:</h4>
<p>Also brson's comment in  <a href="https://github.com/rust-lang/rust/pull/30859#issuecomment-172148714">https://github.com/rust-lang/rust/pull/30859#issuecomment-172148714</a> talks about stack <em>overflow</em> protection, not stack <em>smashing</em> protection. Stack smashing is corrupting the contents of the stack in the middle of it; stack overflow is the stack growing uncontrollably and potentially overwriting parts of the heap. Rust currently guarantees protection against stack overflow only on <em>some</em> platforms, which is implemented via guard pages.</p>



<a name="199803518"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199803518" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Gaynor <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199803518">(Jun 04 2020 at 20:20)</a>:</h4>
<p>Many years ago <code>-fstack-protector-strong</code> was introduced to clang/GCC, which tried to limit which functions got stack protection intelligently, to limit performance impact. I guess you could do an even more intelligent version for rust!</p>



<a name="199804110"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199804110" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199804110">(Jun 04 2020 at 20:25)</a>:</h4>
<p>Only do it for the functions that have unsafe in them or in functions that have been inlined? That's... interesting.</p>



<a name="199805691"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199805691" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Gaynor <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199805691">(Jun 04 2020 at 20:40)</a>:</h4>
<p>Or pass the address/reference to a stack buffer to something that does that, yeah.</p>



<a name="199809700"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199809700" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ramon de C Valle <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199809700">(Jun 04 2020 at 21:18)</a>:</h4>
<p><span class="user-mention silent" data-user-id="127617">Shnatsel</span> <a href="#narrow/stream/146229-wg-secure-code/topic/exploit.20mitigations/near/199801994">said</a>:</p>
<blockquote>
<p>Oh wow, that's great! I'm not 100% sure a great place for it currently exists. Perhaps <a href="https://doc.rust-lang.org/rustc/">https://doc.rust-lang.org/rustc/</a> or <a href="https://doc.rust-lang.org/unstable-book/">https://doc.rust-lang.org/unstable-book/</a></p>
</blockquote>
<p>Thanks! I'll take a look at them and submit a PR after I finish it.</p>



<a name="199809743"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199809743" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ramon de C Valle <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199809743">(Jun 04 2020 at 21:19)</a>:</h4>
<p><span class="user-mention silent" data-user-id="127617">Shnatsel</span> <a href="#narrow/stream/146229-wg-secure-code/topic/exploit.20mitigations/near/199802856">said</a>:</p>
<blockquote>
<p>I believe the compiler team would be your best contact for this; check <a class="stream" data-stream-id="131828" href="/#narrow/stream/131828-t-compiler">#t-compiler</a></p>
</blockquote>
<p>Thanks! I'll reach out to them.</p>



<a name="199809784"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199809784" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ramon de C Valle <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199809784">(Jun 04 2020 at 21:19)</a>:</h4>
<p><span class="user-mention silent" data-user-id="127617">Shnatsel</span> <a href="#narrow/stream/146229-wg-secure-code/topic/exploit.20mitigations/near/199803126">said</a>:</p>
<blockquote>
<p>Also brson's comment in  <a href="https://github.com/rust-lang/rust/pull/30859#issuecomment-172148714">https://github.com/rust-lang/rust/pull/30859#issuecomment-172148714</a> talks about stack <em>overflow</em> protection, not stack <em>smashing</em> protection. Stack smashing is corrupting the contents of the stack in the middle of it; stack overflow is the stack growing uncontrollably and potentially overwriting parts of the heap. Rust currently guarantees protection against stack overflow only on <em>some</em> platforms, which is implemented via guard pages.</p>
</blockquote>
<p>Sorry. I thought he was referring to stack smashing protection and not stack clashing protection--I've the latter covered already.</p>



<a name="199810046"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/199810046" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ramon de C Valle <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#199810046">(Jun 04 2020 at 21:22)</a>:</h4>
<p><span class="user-mention silent" data-user-id="130046">Alex Gaynor</span> <a href="#narrow/stream/146229-wg-secure-code/topic/exploit.20mitigations/near/199803518">said</a>:</p>
<blockquote>
<p>Many years ago <code>-fstack-protector-strong</code> was introduced to clang/GCC, which tried to limit which functions got stack protection intelligently, to limit performance impact. I guess you could do an even more intelligent version for rust!</p>
</blockquote>
<p>If possible, having better heuristics than <code>-fstack-protector-strong</code> has already would be great indeed.</p>



<a name="201791553"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/201791553" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#201791553">(Jun 23 2020 at 22:23)</a>:</h4>
<p><span class="user-mention" data-user-id="295814">@Ramon de C Valle</span> you'll probably be interested in this: <a href="https://harald.hoyer.xyz/rust-static-pie/">https://harald.hoyer.xyz/rust-static-pie/</a></p>



<a name="204262163"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/204262163" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ramon de C Valle <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#204262163">(Jul 17 2020 at 21:33)</a>:</h4>
<p><span class="user-mention silent" data-user-id="127617">Shnatsel</span> <a href="#narrow/stream/146229-wg-secure-code/topic/exploit.20mitigations/near/201791553">said</a>:</p>
<blockquote>
<p><span class="user-mention silent" data-user-id="295814">Ramon de C Valle</span> you'll probably be interested in this: <a href="https://harald.hoyer.xyz/rust-static-pie/">https://harald.hoyer.xyz/rust-static-pie/</a></p>
</blockquote>
<p>Thanks for sending it out!</p>



<a name="204310592"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/204310592" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#204310592">(Jul 18 2020 at 17:52)</a>:</h4>
<p><span class="user-mention" data-user-id="295814">@Ramon de C Valle</span> By the way, do you have the results of your analysis so far written down anywhere? I'd be interested in getting an overview of the current situation, even if it's incomplete.</p>



<a name="204458884"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/204458884" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Ramon de C Valle <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#204458884">(Jul 20 2020 at 18:37)</a>:</h4>
<p><span class="user-mention silent" data-user-id="127617">Shnatsel</span> <a href="#narrow/stream/146229-wg-secure-code/topic/exploit.20mitigations/near/204310592">said</a>:</p>
<blockquote>
<p><span class="user-mention silent" data-user-id="295814">Ramon de C Valle</span> By the way, do you have the results of your analysis so far written down anywhere? I'd be interested in getting an overview of the current situation, even if it's incomplete.</p>
</blockquote>
<p>Sure. Just sent you. There are a few things I want to finish before sending a PR to the rustc book though.</p>



<a name="205422708"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/205422708" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#205422708">(Jul 29 2020 at 22:47)</a>:</h4>
<p><span class="user-mention" data-user-id="130046">@Alex Gaynor</span> I just wanted to say <a href="https://github.com/rust-lang/rfcs/pull/2635">https://github.com/rust-lang/rfcs/pull/2635</a> is great and I'm glad someone is working on this</p>



<a name="205422878"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/205422878" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#205422878">(Jul 29 2020 at 22:49)</a>:</h4>
<p>Also it's now possible to fuzz stdlib data structures rather easily via <a href="https://github.com/jakubadamw/rutenspitz">https://github.com/jakubadamw/rutenspitz</a> and I expect to find more bugs like <a href="https://github.com/rust-lang/rust/issues/72237">https://github.com/rust-lang/rust/issues/72237</a></p>



<a name="205423045"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/205423045" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#205423045">(Jul 29 2020 at 22:51)</a>:</h4>
<p>Fortunately this particular bug is benign, but I also expect more of <a href="https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html">https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html</a></p>



<a name="205423709"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/205423709" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Gaynor <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#205423709">(Jul 29 2020 at 23:01)</a>:</h4>
<p>Heh, working on it very very slowly.</p>



<a name="205425183"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/205425183" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#205425183">(Jul 29 2020 at 23:23)</a>:</h4>
<p>I should get around to fuzzing <code>std::String</code> properly now that rutenspitz exists</p>



<a name="205425189"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/205425189" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#205425189">(Jul 29 2020 at 23:23)</a>:</h4>
<p>Yet another item on the long list of stuff I should get around to</p>



<a name="205425324"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/exploit%20mitigations/near/205425324" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> DPC <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/exploit.20mitigations.html#205425324">(Jul 29 2020 at 23:24)</a>:</h4>
<p>if you need any help from the libs or compiler teams feel free to ping me <span aria-label="smile" class="emoji emoji-1f642" role="img" title="smile">:smile:</span></p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>